s4:provision - Bump down the domain and forest level to Windows 2000
Matthias Dieter Wallnöfer
mdw at samba.org
Mon Sep 21 03:41:59 MDT 2009
Yeah, abartlet I understood your arguments.
Well, the domain controller function level change was silly - though. To
revert it cleanly I need also to adapt it in the "libcli" library which
is used when we itself join as a DC.
Regarding the domain/forest function level - I personally - don't see
much problems since I wrote the "domainlevel" tool as step-up. Also per
default Windows Server uses the lowest supported level and you can
step-up afterwards. Maybe it was not right to step-down to Windows 2000
compatibility; therefore Windows 2003 compatibility could be the right
value.
So for now I accept your change there but I would like to discuss that
another time.
Matthias
Andrew Bartlett schrieb:
> On Fri, 2009-09-18 at 10:51 -0500, Matthias Dieter Wallnöfer wrote:
>
>
>> commit 89f5df6fa7cca1aaec81e29b8777bab5b4068003
>> Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
>> Date: Fri Sep 18 16:21:29 2009 +0200
>>
>> s4:provision - Bump down the domain and forest level to Windows 2000
>>
>> - The DC level we keep on Windows Server 2008 R2 (we should call ourself
>> always the newest server type)
>> - The domain/forest level we set to the minimum (Windows 2000 native) to
>> allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed"
>> mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is
>> set always to 0
>> - I'll add a script which allows to bump the DC level (basically sets the
>> "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and
>> on the "DC" object)
>>
>
> Matthias,
>
> I'm puzzled as to why we needed to change the default functional level
> here. Perhaps I'm missing something, but what was wrong with the old
> default?
>
> I'm quite happy to have options in our provision to set the domain
> functional level (certainly between Windows 2003 and Windows 2008
> level), and have scripts to change it, but the default should not be
> changed without discussion on the list.
>
> Similarly, we should not advertise a higher server functional level
> without carefully considering and discussing the consequences.
>
> I'm sorry to have to be so picky about this, but we need to work a bit
> closer to review your changes for their broader impact. We have a big
> week of testing coming up at Microsoft, and changes like this mid-week
> could really throw a spanner in the works.
>
> Andrew Bartlett
>
>
More information about the samba-technical
mailing list